Typosquatting: What You Need to Know Now
As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal information, make money, or spread malware.
If you’ve ever typed in a web address and landed on a page that is nothing like the one you intended to go to, you may be familiar with this practice, also known as “URL hijacking.” This is when a webpage is put up at a similar web address to another well-known site, in the hopes of capturing some of the legitimate website’s traffic.
These sites often rely on the small typos we make when we type in web addresses, like accidentally omitting the “o” in “.com”. In fact, researchers recently found a whole host of addresses that were registered in the names of well-known sites, but terminating in “.cm”, instead of “.com”. These copycat addresses included financial websites, such as Chase.cm and Citicards.cm, as well as social and streaming sites.
The .cm sites were used to advertise promotions and surveys used to collect users’ personal information. What’s more, over 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.
While early typosquatting efforts were often aimed at stealing traffic alone, we’re now seeing a move toward clever copycats. Some look like real banking websites, complete with stolen logos and familiar login screens, hoping to trick you into entering your passwords and others sensitive information.
Earlier this year, for instance, the Reserve Bank of India (RBI) warned customers that someone had bought the URL “www.indiareserveban.org”, and put up a fake site, asking for banking details and passwords, even though the real RBI is a central bank that holds no individual accounts.
But, cybercrooks don’t even need to put up fake websites to try to steal your information; they can also trick you into downloading malware. They may lead you to a site that delivers a pop-up screen telling you to update your Adobe Flash Player, for instance.
That’s exactly what happened not too long ago to Netflix users who accidentally typed in “Netflix.om”, instead of “.com”. The cybercrooks had smartly used the Netflix address ending in the top-level domain for Oman to try to redirect at least some of the streaming site’s over 118 million users to a malware-laden site instead. In fact, “.om” was used as part of a larger typosquatting campaign, targeting over 300 well-known organizations.
Given that typos are easy to do, and fake websites are becoming more convincing, here are the steps you should take to protect yourself from typosquatting:
- Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
- If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar, indicating that the site uses encryption to secure the data that you share.
- Be suspicious of websites with low-quality graphics or misspellings, since these are telltale signs of fake websites.
- Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
- Don’t click on links in emails, text messages and popup messages unless you know and trust the sender.
- Consider using a safe search tool such as McAfee WebAdvisor, which can alert you to risky websites right in your search results.
- Always use comprehensive security software on both your computers and devices to protect you from malware and other online threats.
More antivirus and malware news?
- Two charged in theft of $40K from hacked Subway keypads
- Apple walks Ars through the iPad Pro’s A12X system on a chip
- Classic Mac OS and dozens of apps can now be run in a browser window
- FBI issues VPNFilter malware warning, says “REBOOT NOW” [PODCAST]
- Misinterpretation of Intel Docs Leads to Flaw in Hypervisors, OSs
- Is Opera *really* the safest browser?
- Update: explorer.pass.psu.edu Web Server Upgrade
- Netcraft Launches Anti-Phishing Mobile App
- Encryption method takes authentication to a new level, improves privacy protection
- Distinguishing Threat Intelligence From Threat Data